Method for preventing Ethernet from being attacked

A technology of Ethernet and prevention methods, applied in the field of network security, which can solve problems such as new destructive methods, network paralysis, and attacks on network reliability, and achieve the effects of reducing maintenance costs, improving network maintenance efficiency, and reducing the risk of attacks on ethern

Active Publication Date: 2010-05-18
HUAWEI TECH CO LTD

AI Technical Summary

Benefits of technology

[0015] It can be seen from the technical solution above that, when a terminal device is connected to an Ethernet communication device and transmits a data packet, the Ethernet communication device learns the hardware address on the port and establishes a map between the hardware address of the terminal device and the port. After the terminal device is disconnected from the Ethernet communication device, the Ethernet communication device deletes that map, and when the terminal device is connected to the port once again, or a new terminal device is connected to the port, the communication device re-establishes, through learning, a map between the hardware address of the terminal device (or of the new terminal device) and the port. Compared with the prior art, in which a fixed mapping table is established and its entries are modified manually by a network administrator, the present invention automatically deletes the old map and establishes a new one, thus bringing more convenience to network administrators, improving network maintenance efficiency and decreasing maintenance cost.
[0016] In addition, compared with the circumstance in which the hardware address table is updated frequently, in the present invention, once the hardware address table is established, the map of the port in the hardware address table is relatively fixed and is not changed on each reception of a data packet, unless a disconnection between the terminal device and the communication device is detected. By the invention, MAC address cheating and MAC address bombing can be avoided effectively, the risk of attacks on Ethernet is decreased, and the security and reliability of the network are improved.

Problems solved by technology

Attacks on network reliability are one kind of these new destructive methods.
Consequently, network paralysis is caused and more losses are brought to users.
At the same time, because different users exist in the inner network, it is impossible for a network management department to monitor and control the network usage of each user within the inner network.
For users that communicate with others through Ethernet, once Ethernet is attacked and network paralysis occurs, there are massive losses that are in direct proportion to the paralysis time, even if no valuable data is lost; for companies that operate their business on Ethernet, such loss is more serious than losing data.
There is no authentication mechanism in the above-mentioned MAC address learning process, so a malicious user may attack a single user in the Ethernet, or the whole Ethernet.
That is, after this learning process, the map between MAC 1 and Port 1 in the switch's MAC table is transferred to a map between MAC 1 and Port 2. Therefore, all the data packets to be sent to PC 1 are transmitted to Port 2 and then to PC 2, so that PC 1 fails to receive the data packets normally.
If the malicious user adopts the same method to attack multiple hosts, or even all hosts in the Ethernet, the whole Ethernet will be close to paralysis.
Besides the above-mentioned MAC address cheating, malicious users can attack Ethernet through MAC address bombing.
The switch then needs to update the MAC table after receiving each data packet with a different source address, and the MAC table of the switch is left in an unstable state.
If the source MAC address carried in these data packets is the true address of a network device in the Ethernet, that network device cannot communicate normally.
This method is usually used by viruses to carry out MAC bombing of the whole Ethernet through the hosts they have infected, thereby destroying normal operation of the whole Ethernet.




Embodiment Construction

[0020] An embodiment of the present invention will now be described in detail with reference to the accompanying drawings.

[0021] In Ethernet, all data packets to be forwarded come from user devices in the user layer of the network. The user devices include Ethernet terminal devices such as PCs, servers, IP telephone sets and so on, and a switch in the access layer connects these user devices together. Each Ethernet terminal device has its own MAC address, which usually does not change, i.e., the MAC address seen at each port of the switch usually does not change. The MAC address corresponding to a switch port changes only when the entire terminal device is replaced, the PC's NIC is changed, or the terminal device is moved a long distance, all of which require the physical connection between the terminal device and the switch to be disconnected. The present embodiment applies a learning mechanism to the switch, and determines...


Abstract

A method for preventing Ethernet from being attacked is provided. The method comprises the following steps: after detecting a new connection between a port and a terminal device and receiving a data packet from the terminal device, an Ethernet communication device establishes and stores a fixed map between the port and a hardware address of the terminal device, then forwards the data packet according to the fixed map; after detecting a disconnection between the port and the terminal device, the Ethernet communication device deletes the fixed map.
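The following Python simulation is an added example and is not part of the patent. It contrasts a conventional learning switch, which rewrites its MAC table on every received frame, with the fixed-map policy described in the abstract and in paragraphs [0015]-[0016] (bind a port to the first source MAC seen after a new connection, leave the map untouched by later frames, delete it on disconnection), and replays the MAC cheating and MAC bombing cases from the description against both. The class and function names (`DynamicSwitch`, `FixedMapSwitch`, `Frame`, `run_scenario`), the sample MAC addresses and the `mismatches` counter are assumptions of this example; the patent states only that the map is not changed by later packets and says nothing about counting or dropping frames whose source address does not match it.

```python
# Added example (not the patent's own code): conventional MAC learning versus
# the fixed-map policy (learn once per connection, freeze, delete on link-down).
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str       # source MAC address
    dst: str       # destination MAC address
    in_port: int   # switch port the frame arrived on


class DynamicSwitch:
    """Conventional learning switch: every frame re-binds its source MAC to the
    ingress port, with no authentication of the source address."""

    def __init__(self):
        self.table = {}  # MAC -> port

    def link_up(self, port):
        pass  # entries are created purely by traffic

    def link_down(self, port):
        # Flush the entries that currently point at the port that went down.
        self.table = {m: p for m, p in self.table.items() if p != port}

    def receive(self, frame):
        self.table[frame.src] = frame.in_port  # unconditional relearning
        return self.forward(frame)

    def forward(self, frame):
        return self.table.get(frame.dst, "flood")

    def table_size(self):
        return len(self.table)


class FixedMapSwitch:
    """Policy from the abstract: one MAC per port, bound by the first frame after
    a new connection and frozen until the port goes down. Frames whose source
    MAC differs from the map are counted (an assumption of this example) and
    forwarded according to the fixed map."""

    def __init__(self):
        self.port_mac = {}   # port -> MAC (the fixed map)
        self.up = set()      # ports with a detected connection
        self.mismatches = 0  # frames whose source MAC differs from the fixed map

    def link_up(self, port):
        self.up.add(port)
        self.port_mac.pop(port, None)  # never carry a map across connections

    def link_down(self, port):
        self.up.discard(port)
        self.port_mac.pop(port, None)  # the disconnection deletes the map

    def receive(self, frame):
        if frame.in_port not in self.up:
            raise ValueError(f"port {frame.in_port} is down")
        bound = self.port_mac.get(frame.in_port)
        if bound is None:
            self.port_mac[frame.in_port] = frame.src  # learn exactly once
        elif bound != frame.src:
            self.mismatches += 1  # the map is left intact; spoofing has no effect
        return self.forward(frame)

    def forward(self, frame):
        for port, mac in self.port_mac.items():
            if mac == frame.dst:
                return port
        return "flood"

    def table_size(self):
        return len(self.port_mac)


def run_scenario(switch):
    """Replays MAC cheating and MAC bombing on either switch model.
    All MAC addresses are constructed sample values."""
    mac1, mac2, mac3 = "00:aa:00:00:00:01", "00:aa:00:00:00:02", "00:aa:00:00:00:03"
    switch.link_up(1)
    switch.link_up(2)
    switch.receive(Frame(mac1, mac2, 1))  # PC 1 on port 1
    switch.receive(Frame(mac2, mac1, 2))  # PC 2 on port 2
    # MAC cheating: the host on port 2 sends a frame carrying PC 1's address.
    switch.receive(Frame(mac1, BROADCAST, 2))
    hijack_port = switch.forward(Frame(mac2, mac1, 2))  # where PC 1's traffic goes now
    # MAC bombing: 500 frames from port 2, each with a distinct bogus source MAC.
    for i in range(500):
        switch.receive(Frame(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", mac1, 2))
    size_after_bombing = switch.table_size()
    # PC 1 is replaced: the link goes down and a new device (mac3) comes up on port 1.
    switch.link_down(1)
    switch.link_up(1)
    switch.receive(Frame(mac3, mac2, 1))
    return {
        "hijack_port": hijack_port,
        "table_size_after_bombing": size_after_bombing,
        "port_for_new_device": switch.forward(Frame(mac2, mac3, 2)),
        "stale_entry_for_old_mac": switch.forward(Frame(mac2, mac1, 2)) != "flood",
        "mismatches": getattr(switch, "mismatches", None),
    }


if __name__ == "__main__":
    for model in (DynamicSwitch, FixedMapSwitch):
        print(model.__name__, run_scenario(model()))
```

On the conventional model the cheating frame moves PC 1's traffic to port 2 and the bombing run leaves 502 table entries, including the hijacked entry, which even survives PC 1's reconnection because the link-down flush only touches port 1. On the fixed-map model the traffic for PC 1 keeps going to port 1, the table never grows past one entry per port, the 501 mismatching frames are visible as a counter, and the replacement device is learned afresh after the link-down/link-up cycle with no stale entry left behind.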

Description

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application is a National Phase Patent Application of International Application Number PCT/CN2004/000997, filed on Aug. 27, 2004, which claims priority of Chinese Patent Application Number 200310103400.7, filed on Oct. 30, 2003.

FIELD OF THE TECHNOLOGY

[0002] The invention relates to network security, in particular to a method for preventing Ethernet from being attacked.

BACKGROUND OF THE INVENTION

[0003] At present, destruction by network viruses is becoming more and more diversified and many new destructive methods appear. Attacks on network reliability are one kind of these new destructive methods. The purpose of this kind of attack is not to steal information, but to attack network devices by targeting security vulnerabilities in networks and to destroy normal network communication. Consequently, network paralysis is caused and more losses are brought to users. The attack on Ethernet is a familiar form of this kind of attack.

[0004] In con...


Application Information

Patent Type & Authority Patents(United States)
IPC(8): H04L12/24, H04L29/06, H04L29/08, H04L29/12
CPC: H04L29/12009, H04L41/28, H04L69/323, H04L63/1441, H04L63/162, H04L61/00
Inventor YANG, LEI
Owner HUAWEI TECH CO LTD